Privilege Descriptions

Privileges are logically grouped on the basis of the area of the
privilege.

FILE privileges – Privileges that begin with the string file operate on
file system objects. For example, the file_dac_write privilege overrides
discretionary access control when writing to files.

IPC privileges – Privileges that begin with the string ipc override IPC
object access controls. For example, the ipc_dac_read privilege enables
a process to read remote shared memory that is protected by DAC.

NET privileges – Privileges that begin with the string net give access
to specific network functionality. For example, the net_rawaccess
privilege enables a device to connect to the network.

PROC privileges – Privileges that begin with the string proc allow
processes to modify restricted properties of the process itself. PROC
privileges include privileges that have a very limited effect. For
example, the proc_clock_highres privilege enables a process to use high
resolution timers.

SYS privileges – Privileges that begin with the string sys give
processes unrestricted access to various system properties. For example,
the sys_linkdir privilege enables a process to make and break hard links
to directories.

Some privileges have a limited effect on the system, and some have a
broad effect. The definition of the proc_taskid privilege
indicates its limited effect:

proc_taskid
Allows a process to assign a new task ID to the calling process.

The definition of the file_setid privilege indicates
its broad effect:

net_rawaccess
Allows a process to have direct access to the network layer.

The privileges(5) man page provides descriptions of every privilege.
The command ppriv -lv prints a description of every privilege to
standard output.
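The prefix grouping described above can be applied to a list of privilege names, one per line, which is the form ppriv -l prints. The following is an added example, not part of the original documentation. The function names priv_area_summary and sample_privs and the OTHER bucket are hypothetical, and the sample input is constructed; it includes one name, dtrace_kernel, whose prefix is outside the five groups listed here.

```shell
#!/bin/sh
# Added example: group privilege names by the area prefix described above.
# Input: one privilege name per line, the form `ppriv -l` prints.

# priv_area_summary (hypothetical name): read names on stdin and print
# one line per area: "AREA count name name ...".
priv_area_summary() {
    awk '
    /^[a-z][a-z0-9_]*$/ {
        split($0, part, "_")
        area = toupper(part[1])
        # Only the five areas named on this page; anything else is OTHER.
        if (area !~ /^(FILE|IPC|NET|PROC|SYS)$/) area = "OTHER"
        count[area]++
        names[area] = names[area] " " $0
    }
    END {
        n = split("FILE IPC NET PROC SYS OTHER", order, " ")
        for (i = 1; i <= n; i++)
            if (order[i] in count)
                printf "%s %d%s\n", order[i], count[order[i]], names[order[i]]
    }'
}

# Constructed sample input (a subset of names, not real command output).
sample_privs() {
    cat <<'EOF'
file_dac_write
file_setid
ipc_dac_read
net_rawaccess
proc_clock_highres
proc_taskid
sys_linkdir
dtrace_kernel
EOF
}

sample_privs | priv_area_summary
# On a Solaris system: ppriv -l | priv_area_summary
```

The script needs a POSIX awk; where /usr/bin/awk is the legacy awk, use nawk or /usr/xpg4/bin/awk instead.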